search

bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com
Other
8.75k stars 1.15k forks source link

Master password reprompt missing (browser extension, web vault and desktop app) #9202

Open pamperer562580892423 opened 2 months ago

pamperer562580892423 commented 2 months ago

Steps To Reproduce

  1. Go to the browser extension, web vault or desktop app.
  2. Click on "new entry" or "edit entry"
  3. Scroll down through the whole "form"
  4. The "master password reprompt"-check is nowhere to find.

Expected Result

  1. Find/see the "master password reprompt" and 2. being able to check or uncheck it.

Actual Result

The "master password reprompt"-check is nowhere to find. (no text, no checkbox... nothing)

Screenshots or Videos

"New entry" in my browser extension (2024.4.2) - "master password repromt"-option nowhere to find:

image image

"New entry" in my web vault - "master password repromt"-option nowhere to find:

image

"New entry" in my desktop app (2024.4.3) - "master password repromt"-option nowhere to find:

image

Additional Context

I just tested this out of curiousity, because in the Community Forum was a problem with autofilling IDs and master password reprompt reported (https://community.bitwarden.com/t/autofilling-id-requires-master-password/66935).

Therefore I don't know how long I am missing the option.

And by the way: it is there in my mobile app (2024.4.0, Android 13).

Operating System

Windows

Operating System Version

Windows 11

Web Browser

Brave

Browser Version

Version 1.65.133

Build Version

2024.4.2

Issue Tracking Info

pamperer562580892423 commented 2 months ago

And by the way: it is there in my mobile app (2024.4.0, Android 13).

What I meant was: the option is there for me (only) in the mobile app. (2024.4.0, Android 13)

Adedamola-Aina commented 2 months ago

Hi @pamperer562580892423

I attempted to reproduce your issue and was unable to do so. could you please log out then log back into your vault.

We use GitHub issues as a place to track bugs and other development related issues. If your issue persists, please write us back using our “Contact support” form located on our Help Center (https://bitwarden.com/help/).

You can include a link to this issue in the message content.

Alternatively, you can also search for an answer in our help documentation or get help from other Bitwarden users on our community forums (https://community.bitwarden.com/c/support/).

Thanks!

pamperer562580892423 commented 2 months ago

@Adedamola-Aina Thanks, but I just was logged out (again: browser extension, web vault, desktop app) and logged in again. Same situation as you can see in my pictures above. The option is still nowhere to find for me (exception: in the mobile app). BTW: in the web vault-picture from yesterday it was a free account I use for testing - but now I logged in also to my premium account in the web vault and this option is missing too. (but not that surprising, since the pictures from the browser extension and desktop app were from my premium account - and so it happens with two accounts for me...)

Jademalo commented 2 months ago

I'd like to add myself to the list of people having this issue, I first noticed it on 2024/05/01 and made a post on the community forums.

I have attempted various things such as logging out and reinstalling the extension, but I still don't need to input my master password when using the Firefox extension.

Interestingly, using the desktop app or the web vault I do have to put in my master password again, so this does seem to specifically be an issue with the Firefox extension for me. The option is also still available to select on the desktop app and the web app.

CoocooFroggy commented 2 months ago

I too am having this issue. It seems like a security vulnerability as anyone can access or edit details of a "master password reprompt" item without needing the master password.

edmundo096 commented 1 month ago

Same issue on Chrome 2024.4.2 and Desktop 2024.4.1.

JordanBarnartt commented 1 month ago

I'd like to report this same issue on the Firefox browser extension version 2024.4.2. Firefox itself is version 126.0.1. Using the web vault does re-prompt for my master password, but as described above, the Firefox extension does not re-prompt and the option to enable/disable the feature is missing.

Update: Removing the extension from Firefox and re-installing it fixed the issue for me.

pamperer562580892423 commented 1 month ago

@Adedamola-Aina et al.: I still too have this. Checked just now in my browser extension and desktop app: there is still no option to check or uncheck the master-password-repromt. The option is completely missing. Every app up-to-date, logged out and in multiple times the last two weeks. This is definitively a bug.

pamperer562580892423 commented 1 month ago

Quick update: I just did the update of the browser extension to 2024.5.2 (Chrome / Brave). The option is still missing (regardless if I edit an entry or create a new vault item - the master password option is simply not there).

And I'm beginning to think, this might be a server issue, because in my case, it is not only one client where the option is missing, but - as I wrote in the title - in all three clients (browser extension, web vault, desktop app), except on mobile (Android).

Toryalai1 commented 1 month ago

I have the same issue. Chrome: 125.0.6422.142

Bitwarden extension: image

pamperer562580892423 commented 1 month ago

I can add a few things:

  1. I still have this with the new web vault version 2024.6.0 ("cloud", so server 2024.6.0).
  2. But in the web vault, I seem to have the master prompt only missing, when I login with my passkey. I can't say, if this is "new", because the last few months I almost always logged in to the web vault via passkey...
  3. And the other way round, for the web vault: When I log in with master password and 2FA, the option is there.
  4. But, I still have the option missing e.g. in my browser extension 2024.5.2 (on Brave, Windows 11), though obivously I don't log in to that per passkey.
  5. I now didn't check the desktop app. Maybe when the 2024.6.0 update arrives there...

PS / Edit:

  1. Now I just deinstalled and reinstalled the browser extension (as mentioned in 4.) like @JordanBarnartt recommended, and alas, the master password reprompt is there again.
pamperer562580892423 commented 1 month ago

... and:

  1. I also deinstalled and reinstalled the desktop app (then 2024.6.0). At first, the master password reprompt was not there. But I was still logged in (PIN-unlock), so I logged out. And now, the master reprompt "appeared" at last.

So for me, now in all clients, the master reprompt back again (browser extension, web vault, desktop app).

CoocooFroggy commented 1 month ago

It seems like it reappeared for me?? Bitwarden extension version 2024.4.2 and Firefox 127.0. Desktop version 2024.5.0 (24604)